PT-2024-7726 · Linux+3 · Linux Kernel+3
Published 2024-02-19 · Updated 2024-10-31 · CVE-2024-26745
CVSS v2.0: 4.6 (Medium)
Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.4.0
Description
The Linux kernel has a vulnerability in the powerpc/pseries/iommu component. When the kdump kernel tries to copy dump data over SR-IOV, the LPAR panics due to a NULL pointer exception. The kernel log reports an attempted read of a user page, which the kernel treats as a possible exploit attempt. The vulnerability occurs because the IOMMU table is not initialized for kdump over SR-IOV.
The issue arises when Dynamic DMA Windows (DDWs) are scanned and added to the Flattened Device Tree (FDT) before kexec hands over control to the kdump kernel. For the SR-IOV case, the default DMA window "ibm,dma-window" is removed from the FDT, and the DDW is added for the device. Later, when the device driver tries to enter TCEs for the SR-IOV device, a NULL pointer exception is thrown from iommu_area_alloc().
The fix is to initialize the IOMMU table with the DDW property stored in the FDT. There are two points to remember:
- For the dedicated adapter, the kdump kernel would encounter both default and DDW in the FDT, and the DDW property is used to initialize the IOMMU table.
- A DDW could be direct or dynamic mapped, and the kdump kernel would initialize the IOMMU table and mark the existing DDW as "dynamic".
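The window selection described above can be modelled in a few lines of C. This is an added illustration, not kernel code: the struct and function names are hypothetical, and the pre-fix behaviour is inferred from the description (the table is only set up from the default window).

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical, simplified view of the DMA-window properties a device
 * node carries in the FDT handed to the kdump kernel. */
struct fdt_node {
    bool has_default_window;  /* "ibm,dma-window" is present */
    bool has_ddw;             /* a DDW property was added before kexec */
    bool ddw_direct_mapped;   /* how the first kernel had mapped the DDW */
};
enum window_src { SRC_NONE, SRC_DEFAULT, SRC_DDW };
struct table_model {
    enum window_src src;      /* SRC_NONE models the uninitialized table */
    bool ddw_marked_dynamic;  /* existing DDW is treated as "dynamic" */
};

/* Before the fix (as the description reads): only the default window
 * initializes the table, so a node without it is left with no table. */
struct table_model setup_unfixed(const struct fdt_node *n)
{
    struct table_model t = { SRC_NONE, false };
    if (n->has_default_window)
        t.src = SRC_DEFAULT;
    return t;
}

/* After the fix: a DDW in the FDT is used even when the default window is
 * also present, and is marked "dynamic" however it was mapped before. */
struct table_model setup_fixed(const struct fdt_node *n)
{
    struct table_model t = { SRC_NONE, false };
    if (n->has_ddw) {
        t.src = SRC_DDW;
        t.ddw_marked_dynamic = true;
    } else if (n->has_default_window) {
        t.src = SRC_DEFAULT;
    }
    return t;
}

/* True when a later TCE allocation would find an initialized table. */
bool tce_alloc_has_table(const struct table_model *t) { return t->src != SRC_NONE; }

int main(void)
{
    struct fdt_node sriov = { false, true, true };  /* constructed SR-IOV case */
    struct table_model before = setup_unfixed(&sriov), after = setup_fixed(&sriov);
    printf("SR-IOV table present: unfixed=%d fixed=%d\n",
           tce_alloc_has_table(&before), tce_alloc_has_table(&after));
    return 0;
}
```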
Recommendations
To resolve the issue, update the Linux kernel to version 6.4.0 or later. If updating is not possible, consider disabling the SR-IOV feature or restricting access to the vulnerable IOMMU table until a patch is available.
NULL Pointer Dereference
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Linux Kernel
Red Os
Suse